DEV Community

MarshmellowSalad

SQL Injection

SQL is an extremely useful language for anyone who wants to work with data structures. Its simple syntax lets those with little coding experience understand it, while its versatility allows experts to create complex programs.

Unfortunately for introductory programmers, using SQL to connect your front end to your database leaves you vulnerable to certain malicious attacks. Hooking up a form on your web page that can be filled out to complete an SQL statement may be the simplest way to let users interact with your database, but it is also the least secure. Below are some common SQL injection attacks and how you can defend your site from them.

Free Passwords!

One common SQL attack is a workaround for user security. If you drop user input in as a string to complete an SQL statement, it's like giving the user a blank check and hoping they follow the rules. While setting up a password entry might seem like a simple way to keep out unwanted agents, adding any true statement such as "OR 1=1" can bypass an improperly structured comparison statement.

Slippery Tables

Similar to the previous attack, if you throw user input directly into an SQL statement, problems will ensue. For visualization purposes, imagine you write an SQL statement but leave the last word for the user to finish: SELECT * FROM $input;. A particularly savvy individual might realize there's nothing stopping them from adding another statement at the end of your line: SELECT * FROM (tableA; DROP TABLE tableB);.
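
The two cases above, as an added example that is not part of the original post: a login check built by string concatenation beside a parameterized one, and an allow-list for the table name in SELECT * FROM $input. It uses Python's sqlite3 with constructed sample data; the function names, the users table and its contents are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data. Plaintext passwords only keep the demo short;
    # a real site stores salted password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    db.execute("CREATE TABLE tableA (id INTEGER)")
    db.execute("INSERT INTO tableA VALUES (1)")
    return db

def login_vulnerable(db, name, password):
    # Input is pasted into the statement text, so a quote character in it
    # ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT 1 FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_safe(db, name, password):
    # Placeholders bind the input as values; it is never parsed as SQL.
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

# Table names cannot be bound with placeholders, so compare the input
# against a fixed set of names before it reaches the statement.
ALLOWED_TABLES = {"tableA"}

def select_all(db, table):
    if table not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % table)
    return db.execute("SELECT * FROM " + table).fetchall()

if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR 1=1 --"  # the "OR 1=1" input described in the post
    print("vulnerable login accepts it:", login_vulnerable(db, "alice", tautology))
    print("parameterized login accepts it:", login_safe(db, "alice", tautology))
    try:
        select_all(db, "tableA; DROP TABLE tableB")
    except ValueError as exc:
        print("table name rejected:", exc)
```
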

URL Form

Another problem with HTML forms is that the sent form carries its information through its URL. This allows users to see what's being sent through the form and even manipulate that data, so if you're using that form to send information other than what the user should be able to change, you might come across some problems. For a quick example of this injection attack, check out the video below.
